Fix TLS issues

* buildkitd: `--tlscacert` had been ignored * buildctl: TLS flags had been ignored for `buildctl debug workers` Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-03-05 18:33:15 +09:00 · 2019-03-05 18:33:15 +09:00 · a08c4479d5
parent 038973d423
commit a08c4479d5
8 changed files with 62 additions and 54 deletions
--- a/cmd/buildctl/build.go
+++ b/cmd/buildctl/build.go
@ -11,6 +11,7 @@ import (
 	"github.com/containerd/console"
 	"github.com/moby/buildkit/client"
 	"github.com/moby/buildkit/client/llb"
+	bccommon "github.com/moby/buildkit/cmd/buildctl/common"
 	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/session/auth/authprovider"
 	"github.com/moby/buildkit/session/secrets/secretsprovider"
@ -123,7 +124,7 @@ func openTraceFile(clicontext *cli.Context) (*os.File, error) {
 }

 func build(clicontext *cli.Context) error {
-	c, err := resolveClient(clicontext)
+	c, err := bccommon.ResolveClient(clicontext)
 	if err != nil {
 		return err
 	}
@ -177,7 +178,7 @@ func build(clicontext *cli.Context) error {
 	}

 	ch := make(chan *client.SolveStatus)
-	eg, ctx := errgroup.WithContext(commandContext(clicontext))
+	eg, ctx := errgroup.WithContext(bccommon.CommandContext(clicontext))

 	solveOpt := client.SolveOpt{
 		Exporter: clicontext.String("exporter"),
--- a/cmd/buildctl/common/common.go
+++ b/cmd/buildctl/common/common.go
@ -0,0 +1,45 @@
+package common
+
+import (
+	"context"
+	"net/url"
+	"time"
+
+	"github.com/moby/buildkit/client"
+	opentracing "github.com/opentracing/opentracing-go"
+	"github.com/urfave/cli"
+)
+
+// ResolveClient resolves a client from CLI args
+func ResolveClient(c *cli.Context) (*client.Client, error) {
+	serverName := c.GlobalString("tlsservername")
+	if serverName == "" {
+		// guess servername as hostname of target address
+		uri, err := url.Parse(c.GlobalString("addr"))
+		if err != nil {
+			return nil, err
+		}
+		serverName = uri.Hostname()
+	}
+	caCert := c.GlobalString("tlscacert")
+	cert := c.GlobalString("tlscert")
+	key := c.GlobalString("tlskey")
+
+	opts := []client.ClientOpt{client.WithFailFast()}
+
+	ctx := CommandContext(c)
+
+	if span := opentracing.SpanFromContext(ctx); span != nil {
+		opts = append(opts, client.WithTracer(span.Tracer()))
+	}
+
+	if caCert != "" || cert != "" || key != "" {
+		opts = append(opts, client.WithCredentials(serverName, caCert, cert, key))
+	}
+
+	timeout := time.Duration(c.GlobalInt("timeout"))
+	ctx, cancel := context.WithTimeout(ctx, timeout*time.Second)
+	defer cancel()
+
+	return client.New(ctx, c.GlobalString("addr"), opts...)
+}
--- a/cmd/buildctl/common/trace.go
+++ b/cmd/buildctl/common/trace.go
@ -1,4 +1,4 @@
-package main
+package common

 import (
 	"context"
@ -32,7 +32,7 @@ func getTracer() (opentracing.Tracer, io.Closer) {
 	return opentracing.NoopTracer{}, &nopCloser{}
 }

-func attachAppContext(app *cli.App) {
+func AttachAppContext(app *cli.App) {
 	ctx := appcontext.Context()

 	tracer, closer := getTracer()
@ -82,7 +82,7 @@ func attachAppContext(app *cli.App) {

 }

-func commandContext(c *cli.Context) context.Context {
+func CommandContext(c *cli.Context) context.Context {
 	return c.App.Metadata["context"].(context.Context)
 }

--- a/cmd/buildctl/debug/workers.go
+++ b/cmd/buildctl/debug/workers.go
@ -10,6 +10,7 @@ import (

 	"github.com/containerd/containerd/platforms"
 	"github.com/moby/buildkit/client"
+	bccommon "github.com/moby/buildkit/cmd/buildctl/common"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/tonistiigi/units"
 	"github.com/urfave/cli"
@ -31,12 +32,8 @@ var WorkersCommand = cli.Command{
 	},
 }

-func resolveClient(c *cli.Context) (*client.Client, error) {
-	return client.New(commandContext(c), c.GlobalString("addr"), client.WithFailFast())
-}
-
 func listWorkers(clicontext *cli.Context) error {
-	c, err := resolveClient(clicontext)
+	c, err := bccommon.ResolveClient(clicontext)
 	if err != nil {
 		return err
 	}
--- a/cmd/buildctl/diskusage.go
+++ b/cmd/buildctl/diskusage.go
@ -7,6 +7,7 @@ import (
 	"text/tabwriter"

 	"github.com/moby/buildkit/client"
+	bccommon "github.com/moby/buildkit/cmd/buildctl/common"
 	"github.com/tonistiigi/units"
 	"github.com/urfave/cli"
 )
@ -28,12 +29,12 @@ var diskUsageCommand = cli.Command{
 }

 func diskUsage(clicontext *cli.Context) error {
-	c, err := resolveClient(clicontext)
+	c, err := bccommon.ResolveClient(clicontext)
 	if err != nil {
 		return err
 	}

-	du, err := c.DiskUsage(commandContext(clicontext), client.WithFilter(clicontext.StringSlice("filter")))
+	du, err := c.DiskUsage(bccommon.CommandContext(clicontext), client.WithFilter(clicontext.StringSlice("filter")))
 	if err != nil {
 		return err
 	}
--- a/cmd/buildctl/main.go
+++ b/cmd/buildctl/main.go
@ -1,18 +1,14 @@
 package main

 import (
-	"context"
 	"fmt"
-	"net/url"
 	"os"
-	"time"

-	"github.com/moby/buildkit/client"
+	bccommon "github.com/moby/buildkit/cmd/buildctl/common"
 	"github.com/moby/buildkit/util/apicaps"
 	"github.com/moby/buildkit/util/appdefaults"
 	"github.com/moby/buildkit/util/profiler"
 	"github.com/moby/buildkit/version"
-	opentracing "github.com/opentracing/opentracing-go"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 )
@ -89,7 +85,7 @@ func main() {
 		return nil
 	}

-	attachAppContext(app)
+	bccommon.AttachAppContext(app)

 	profiler.Attach(app)

@ -102,36 +98,3 @@ func main() {
 		os.Exit(1)
 	}
 }
-
-func resolveClient(c *cli.Context) (*client.Client, error) {
-	serverName := c.GlobalString("tlsservername")
-	if serverName == "" {
-		// guess servername as hostname of target address
-		uri, err := url.Parse(c.GlobalString("addr"))
-		if err != nil {
-			return nil, err
-		}
-		serverName = uri.Hostname()
-	}
-	caCert := c.GlobalString("tlscacert")
-	cert := c.GlobalString("tlscert")
-	key := c.GlobalString("tlskey")
-
-	opts := []client.ClientOpt{client.WithFailFast()}
-
-	ctx := commandContext(c)
-
-	if span := opentracing.SpanFromContext(ctx); span != nil {
-		opts = append(opts, client.WithTracer(span.Tracer()))
-	}
-
-	if caCert != "" || cert != "" || key != "" {
-		opts = append(opts, client.WithCredentials(serverName, caCert, cert, key))
-	}
-
-	timeout := time.Duration(c.GlobalInt("timeout"))
-	ctx, cancel := context.WithTimeout(ctx, timeout*time.Second)
-	defer cancel()
-
-	return client.New(ctx, c.GlobalString("addr"), opts...)
-}
--- a/cmd/buildctl/prune.go
+++ b/cmd/buildctl/prune.go
@ -6,6 +6,7 @@ import (
 	"text/tabwriter"

 	"github.com/moby/buildkit/client"
+	bccommon "github.com/moby/buildkit/cmd/buildctl/common"
 	"github.com/tonistiigi/units"
 	"github.com/urfave/cli"
 )
@ -39,7 +40,7 @@ var pruneCommand = cli.Command{
 }

 func prune(clicontext *cli.Context) error {
-	c, err := resolveClient(clicontext)
+	c, err := bccommon.ResolveClient(clicontext)
 	if err != nil {
 		return err
 	}
@ -77,7 +78,7 @@ func prune(clicontext *cli.Context) error {
 		opts = append(opts, client.PruneAll)
 	}

-	err = c.Prune(commandContext(clicontext), ch, opts...)
+	err = c.Prune(bccommon.CommandContext(clicontext), ch, opts...)
 	close(ch)
 	<-printed
 	if err != nil {
--- a/cmd/buildkitd/main.go
+++ b/cmd/buildkitd/main.go
@ -373,7 +373,7 @@ func applyMainFlags(c *cli.Context, cfg *config.Config, md *toml.MetaData) error
 	if tlskey := c.String("tlskey"); tlskey != "" {
 		cfg.GRPC.TLS.Key = tlskey
 	}
-	if tlsca := c.String("tlsca"); tlsca != "" {
+	if tlsca := c.String("tlscacert"); tlsca != "" {
 		cfg.GRPC.TLS.CA = tlsca
 	}
 	return nil